Section 3

Section 3

3.   Interpretation of the Requirements of ISO 9001:2000

This section will give guidance for the application of the requirements of ISO 9001:2000. The shaded areas give a copy of the specific requirements of ISO 9001:2000. After each shaded area there will be supplementary guidance to the given requirements.

4     Quality management system

4.1 General requirements

The organization shall establish, document, implement and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standard.

The organization shall

a)    identify the processes needed for the quality management system and their application throughout the organization (see 1.2),

b)    determine the sequence and interaction of these processes,

c)    determine criteria and methods needed to ensure that both the operation and control of these processes are effective,

d)    ensure the availability of resources and information necessary to support the operation and monitoring of these processes,

e)    monitor, measure and analyze these processes, and

f)     implement actions necessary to achieve planned results and continual improvement of these processes.

These processes shall be managed by the organization in accordance with the requirements of this International Standard.

NOTE  Processes needed for the quality management system referred to above should include processes for management activities, provision of resources, product realization and measurement.

Where an organization chooses to outsource any process that affects product conformity with requirements, the organization shall ensure control over such processes. Control over such outsourced processes shall be identified within the quality management system.

Guidance

The quality management system should:

a.    Identify the processes needed for the quality management system. Also, identify all activities that affect the quality of the product. For example, certain accounting activities (such as payroll) may not be part of the scope of a quality system (unless accounting is a core part of the business).

b.    Determine the sequence and interaction of these processes. In order to control ongoing activities, an organization first needs to know what these activities are. Which activities are carried out, in which sequence, and what is the relationship between them?

c.    Determine criteria and methods needed to ensure the effective operation and control of these processes. Activities need to be controlled. This means that they should be organized in such a way that customer requirements are consistently met. As stated earlier, customer requirements are not only the written requirements in contracts; they cover all customer expectations, both objective and subjective. In short, the quality management system should be beneficial to customers and to the organization itself. In this way it is a management tool, and not a goal in itself.

d.    Ensure the availability of resources and information necessary to support the operation and monitoring of these processes. Resources and information are key factors in controlling activities. The quality management system should be a dynamic system. It is not something that is created once and then remains unchanged. Customers change, markets change, organizations change, and the people in an organization change. A quality management system should reflect these changes so that it remains a dynamic tool for serving customers. It should be a help now AND in the future.

e.    Monitor, measure and analyse these processes. Improvement is only possible if you know where to improve. This means that you need to collect data on the effectiveness of your operations. However, data alone will not give you any information. Data will only become useful if you analyse them. This analysis should give you the necessary information for you to determine where your organization stands.

f.    An important addition in ISO 9001:2000 is the requirement to improve the quality management system. This means that it should not only be a tool for control of processes, but also for continuous improvement: knowing performance based on analysis of data and information, and improving the organization based on this knowledge.

4.2 Documentation requirements

4.2.1  General

The quality management system documentation shall include

a)    documented statements of a quality policy and quality objectives,

b)    a quality manual,

c)    documented procedures required by this International Standard,

d)    documents needed by the organization to ensure the effective planning, operation and       control of its processes, and

e)    quality records required by this International Standard (see 4.2.4).

NOTE 1  Where the term "documented procedure" appears within this International Standard, this means that the procedure is established, documented, implemented and maintained.

NOTE 2  The extent of the quality management system documentation can differ from one organization to another due to

a) size and type of the organization;

b) complexity of processes and their interactions, and

c) competence of personnel.

NOTE 3 The documentation can be in any form or type of medium.

Guidance

ISO 9001:2000 requires that certain aspects of the quality management system are documented.  Specifically, this includes a quality policy, quality objectives, a quality manual, procedures, planning documents and quality records.

Procedures describe what is being done in an organization. They help to make things clear for personnel, and they can also help create consistency in work.  A quality management system is not a set of procedures describing every minute detail of an organizations operations.  The quality management system should be an effective, user friendly balance of procedures, work instructions and forms, which will assist personnel in their day-to-day work.

The effectiveness of procedures depends on how they are applied to an organization.  In other words, they should be tailored to an organization.  In a small organization with relatively simple processes and activities, procedures should (accordingly) be limited and simple. Larger organizations with more complicated activities should have more detailed procedures, but in all cases the procedures should still be as practical as possible.

Please note that ISO 9001:2000 does not in all cases require documented procedures.  In some cases there is no need to document existing practices.  However, there must still be a procedure in place: a consistent way of performing the work involved.

4.2.2  Quality manual

The organization shall establish and maintain a quality manual that includes:

a)    the scope of the quality management system, including details of and justification for any exclusions (see 1.2),

b)    the documented procedures established for the quality management system, or reference to them, and

c)    a description of the interaction between the processes of the quality management system.

Guidance

Each organization will need to have a quality manual that either includes or references its quality system procedures. The quality manual is the “road map” of the quality management system: it does not necessarily say how activities are performed but, rather, states the general policies with regard to the quality management system in relation to the requirements of ISO 9001:2000.

ISO 9001:2000 requires that the quality manual, at minimum, cover all the elements of the standard. It should be clear in the quality manual that these elements are not requirements or policies that are independent from each other, but that they interact with each other as a part of the quality management system. Also, any reduction in scope should be explained in the quality manual.

Typically, a quality manual may contain the following information:

-       the quality policy and objectives;

-       the activities of the organization;

-       how the system works;

-       statements on responsibilities, authorities, and roles/interrelations of personnel;

-       policies covering the elements of ISO 9001:2000;

-       reduction in scope, if applicable (why are certain requirements not applicable?).

If any of the above information is not included in the quality manual, it is acceptable for the quality manual to indicate where they may be found.

Each organization is free to choose a format for the quality manual that is considered most appropriate. For example, it is equally acceptable for the quality manual to follow normal work processes as it is to follow the format of ISO 9001:2000. If the chosen format is different from the format of ISO 9001:2000, it is advisable to create a cross-reference matrix between the manual and the standard to ensure nothing has been missed and to act as a signpost to others reading the quality manual.

4.2.3 Control of documents

Documents required for the quality management system shall be controlled. Quality records are a special type of document and shall be controlled according to the requirements given in 4.2.4.

A documented procedure shall be estabIished to define the controls needed

a)    to approve documents for adequacy prior to issue,

b)    to review and update as necessary and re-approve documents,

c)    to ensure that changes and the current revision status of documents are identified,

d)    to ensure that relevant versions of applicable documents are available at points of use,

e)    to ensure that documents remain legible and readily identifiable,

f)     to ensure that documents of external origin are identified and their distribution controlled, and

g)    to prevent the unintended use of obsolete documents, and to apply suitable identification to them if they are retained for any purpose.

Guidance

The intent of this element is to ensure that people use the correct versions of the correct documents. The use of incorrect or obsolete documents can result in mistakes and, ultimately, in nonconforming product and/or service. New or revised documents should be approved prior to issue. This does not necessarily mean that documents need to be signed. Any form of approval is acceptable as long as the procedure indicates what constitutes the evidence that documents are approved. Once documents are approved, the new or revised documents need to be available at the locations where they are used or needed. Obsolete documents need to be removed or destroyed. If obsolete documents are not destroyed, they should be identified so that people know they are obsolete.

In order to control the use of documents, ISO 9001:2000 requires a method for identifying the current revision status of documents. One way this can be done is by maintaining a master list that identifies all controlled documents and their revision status (number, date, or equivalent). Any controlled document can be compared with this master list to verify if the latest revision is in use. Another possible method that precludes the use of obsolete documents is the use of a master file of original documents (such as drawings).

Of all requirements of ISO 9001:2000, this is one that is most likely to be over-applied. It is important not to lose sight of the intent of this requirement: to control the distribution of documents to make sure that work is being carried out according to the correct set of instructions. Document control is basically about making sure that the document that is in use is the applicable approved issue. This is important because people must have the information they need to do the jobs. There is a risk of ending up with complex arrangements for updating and retrieving documents. The standard requires information to be up-to-date, but does not specify how this should be done. There is a lot of flexibility.  By adopting the simplest and

most practical methods of document control, unnecessary bureaucracy and costs can be avoided.

4.2.4 Control of quality records

Quality records shall be established and maintained to provide evidence of conformity to requirements and of the effective operation of the quality management system. Quality records shall remain legible, readily identifiable and retrievable. A documented procedure shall be established to define the controls needed for the identification, storage, protection, retrieval, retention time and disposition of quality records.

Guidance

There is a difference between documents and records. Essentially, documents are used to describe or control how things are to be done and are capable of being revised to reflect changing circumstances. Records are generated as a result of some activity and are statements of facts existing at the time.  Records cannot be revised. For example: a form which is used for ordering products and/or services from vendors (purchase order) is a document. A completed purchase order stating what has been ordered from the vendor is a record.

Other examples of records are:

-       minutes of management reviews;

-       inspection records;

-       quotations;

-       customer orders;

-       audit reports;

-       training records;

-       corrective/preventive action records;

-       minutes of design review meetings;

-       completed nonconformance reports.

Each organization should identify which records are used and a documented procedure should define how these records are identified, where they are stored, how they are retrieved, how they are protected, what their retention time is, and how they are disposed of.

5 Management responsibility

5.1 Management commitment

Top management shall provide evidence of its commitment to the development and implementation of the quality management system and continually improving its effectiveness by

a)    communicating to the organization the importance of meeting customer as well as statutory and regulatory requirements,

b)    establishing the quality policy,

c)    ensuring that quality objectives are established,

d)    conducting management reviews, and

e)    ensuring the availability of resources.

Guidance

Top management should be the driving force when implementing, maintaining, and improving a quality management system. What people do, and how this affects customers (in other words: the quality management system), cannot be effectively managed without a clear commitment from top management.  This is not a commitment in “words”; it is the continuous and active demonstration to everyone in the organization that meeting customers’ expectations is vital for the existence of the organization.

As a minimum, top management should:

-       communicate to the organization the importance of meeting customer as well as regulatory requirements (see 5.5.3);

-       establish a quality policy and objectives (see 5.4.1);

-       conduct management reviews (see 5.6); and

-       ensure the availability of resources (see 6).

5.2 Customer focus

Top management shall ensure that customer requirements are determined and fulfilled with the aim of enhancing customer satisfaction (see 7.2.1 and 8.2.1).

Guidance

Every organization depends on its customers. Without satisfied customers, the organization cannot exist.  Therefore, this requirement of ISO 9001:2000 is the core of the quality management system. An organization should be able to answer the following questions on a continuous basis:

-       What do customers need and what do they expect?

-       What does this mean for the organization? What is the organization required to do in order to meet these customer expectations?

-       Does the organization understand customer requirements and are these requirements actually met?

There should be some method of establishing how the customer requirements are determined. Methods could include:

-       carrying out market/customer surveys;

-       access to industry reports;

-       identification of niche marketing opportunities.

5.3 Quality policy

Top management shall ensure that the quality policy

a)    is appropriate to the purpose of the organization,

b)    includes a commitment to comply with requirements and continually improve the effectiveness of the quality system,

c)    provides a framework for establishing and reviewing quality objectives,

d)    is communicated and understood within the organization, and

e)    is reviewed for continuing suitability.

Guidance

The quality policy is a clear statement by the organization to indicate what is important in terms of quality. The quality policy establishes:

-       a commitment to quality;

-       a commitment to continuous improvement;

-       what the business does;

-       what the quality objectives are, and how they are reviewed;

Obviously, the policy needs to be relevant for the type of activities an organization performs.

It is important that the quality policy covers the whole organization and is relevant to the expectations of all customers. Therefore, customer requirements (see 5.2) should be determined before the quality policy is established.

All employees need to understand the quality policy, how it affects them, and their role in the quality system.

It is important to keep in mind that the quality policy may be suitable today, but may not be suitable in the future due to changing circumstances. The quality policy must therefore be regularly reviewed for suitability.

5.4 Planning

5.4.1 Quality objectives

Top management shall ensure that quality objectives, including those needed to meet requirements for product (see 7.1a), are established at relevant functions and levels within the organization. The quality objectives shall be measurable and consistent with the quality policy.

Guidance

While the quality policy is a generic statement indicating what is important for the organization in terms of quality, the quality objectives are specific goals to be achieved within a certain time frame. Examples of specific goals are:

-       reduce scrap by 10% within the next 6 months;

-       increase customer satisfaction by 10% within the next year;

-       reduce number of nonconforming products by 15% within the next year;

-       reduce the number of key vendors from 100 to 25 in the next three years, etc.

ISO 9001:2000 specifically refers to quality objectives at the relevant functions and levels within the organization. This means, for example, that an organization with sales, design, purchasing, and production departments (functions) needs to have quality objectives for each department, in addition to quality objectives for the organization as a whole.

An organization is free in choosing the quality objectives, as long as they are relevant to the products/services of the organization and the quality policy. Quality objectives must be measurable and must include objectives directly related to the products or services of the organization.

5.4.2 Quality management system planning

Top management shall ensure that:

a)    the planning of the quality management system is carried out in order to meet the requirements given in 4.1, as well as the quality objectives, and

b)    the integrity of the quality management system is maintained when changes to the quality management system are planned and implemented.

Guidance

How is quality achieved?  Once the customer’s requirements are known, it is important to plan the activities necessary to deliver the desired product and/or service, to achieve the quality objectives, and to ensure continual improvement.  This includes identifying activities necessary to deliver the product and/or service, necessary resources, verification activities (such as inspections), criteria for acceptability of product and/or service, and the records to be established in the process.

Planning does not have to be a sophisticated process.  Examples of documenting planning activities are:

-       the quality manual and associated procedures;

-       work orders;

-       travellers;

-       production plans.

Planning should be consistent with the complexity of the organization.  For example, a small organization with routine processes can choose to document their planning activities in a set of simple procedures.  A larger organization with customized products and/or services will need to document how quality will be achieved for each customized order in work orders and/or travellers.

Planning should not only apply to delivering the required product and/or service and achieving quality objectives, but also to organizational change.  Changes in an organization should be planned in order to minimize the risk of negative effects on quality of product and/or service.

5.5 Responsibility, authority and communication

5.5.1 Responsibility and authority

Top management shall ensure that the responsibilities, authorities and their interrelation are defined and communicated within the organization.

Guidance

There can be no effective way of working if employees do not know their responsibilities. Everyone should know what they are expected to do (responsibilities) and what they are allowed to do (authorities).  They should know their role (position) in the organization and how this relates to other roles (positions).  Others in the organization should be aware of this if they deal with these employees.

Descriptions do not have to be elaborate or complex.  It is important that descriptions clearly reflect the “real life” situation and allow for flexibility.  One method of identifying responsibilities and authorities is to have a job description, supplemented by a simple organization chart.  Another example method is to define authorities, responsibilities and roles/interrelations in procedures or training documents.

5.5.2 Management representative

Top management shall appoint a member of the management who, irrespective of other responsibilities, shall have responsibility and authority that includes

a)    ensuring that processes needed for the quality management system are established, implemented and maintained,

b)    reporting to top management on the performance of the quality management system and any need  for improvement, and

c)    ensuring the promotion of awareness of customer requirements throughout the organization.

NOTE   The responsibility of a management representative can include liaison with external parties on matters relating to the quality management system.

Guidance

Someone with management authority should act as the organization’s management representative for quality or “quality manager”.  This person must have the necessary authority within the organization to ensure that the quality management system is working. ISO 9001:2000 specifically requires this person to be a member of management within the organization.  People from outside the organization (for example consultants) cannot be the management representative unless they have a management position within the organization. Obviously, the management representative can have other responsibilities as well.

The authority of the management responsibility must include at least the duties as described in paragraph 5.5.3.

It is important to note that it is not the role of the management representative to “run" the quality system.  A quality system can only be effective if it is carried by all personnel in the organization, especially top management.  The management representative has a supportive role: ensuring that the necessary data is collected, reporting to and advising top management.

5.5.3 Internal communication

Top management shall ensure that appropriate communication processes are established within the organization and that communication takes place regarding the effectiveness of the quality management system.

Guidance

In order to establish an effective quality management system, it is not only necessary that employees know their roles/interrelations, responsibilities, and authorities (see 5.6.2), but there should also be established ways of communication between people within the organization. Management should ensure that people have the information necessary in order to be able to do their work, and ensure that quality requirements, objectives, and achievements are communicated to all relevant personnel. Tools for communication may include:

-       team briefings;

-       visual management activities;

-       notice boards;

-       audio-visual and electronic media.

5.6 Management review

5.6.1 General

Top management shall review the organization’s quality management system at planned intervals to ensure its continuing suitability, adequacy and effectiveness. This review shall include assessing opportunities for improvement and the need for changes to the quality management system, including the quality policy and quality objectives.

Records from management reviews shall be maintained (see 4.2.4).

5.6.2 Review Input

The input to management review shall include information on

a)    results of audits,

b)    customer feedback,

c)    process performance and product conformity,

d)    status of preventive and corrective actions,

e)    follow-up actions from previous management reviews,

f)     planned changes that could affect the quality management system, and

g)    recommendations for improvement

5.6.3 Review output

The output from the management review shall include any decisions and actions related to

a) improvement of the effectiveness of the quality management system and its processes,

b) improvement of product related to customer requirements, and

c) resource needs.

Guidance

The complete quality management system should be reviewed by top management on a regular basis.  Management decides the frequency, but it should be frequent enough to ensure the effectiveness of the system (usually once or more per year).

Management reviews make quality management systems dynamic. Without these reviews, a system may become ineffective over time.  Organizations change, customers/markets change, and people change.  These changes require modifications in the quality management system.  Regular management reviews ensure that the quality management system is still suitable, adequate, and effective in a changed environment.

In order to be effective, management reviews should be well prepared.  As a minimum, this preparation needs to include the information as described in section 5.6.2.  This allows top management to assess the effectiveness of the quality management system based on the quality policy and the quality objectives, and to define the opportunities for improvement and the need for changes.

The results of management reviews should be in the form of specific actions, ensuring that improvements are made in products, processes, and the management system, and that resource needs are identified.  The results of management reviews should be recorded in some way; perhaps in minutes, checklists, or to-do lists.

A management review does not necessarily have to be conducted in one meeting (i.e. once per year).  A series of meetings can be held, each covering a part of the quality management system, or a part of the organization.

6 Resource management

6.1 Provision of resources

The organization shall determine and provide the resources needed

a)    to implement and maintain the quality management system and continually improve its effectiveness, and

b)    to enhance customer satisfaction by meeting customer requirements.

Guidance

This section of ISO 9001:2000 covers the specific requirements for management of resources.  These resources include human resources, facilities and work environment. Sufficient resources must be allocated for implementing, maintaining and improving the quality management system, as well as for enhancing customer satisfaction and meeting customer requirements.

6.2 Human resources

6.2.1 General

Personnel performing work affecting product quality shall be competent on the basis of appropriate education, training, skills and experience.

Guidance

Every person working in an organization must be qualified to do his/her job. This means that qualification criteria should be established based on education, experience, and training. See 6.2.2.

6.2.2 Competence, awareness and training

The organization shall

a)    determine the necessary competence for personnel performing work affecting product quality,

b)    provide training or take other actions to satisfy these needs,

c)    evaluate the effectiveness of the actions taken,

d)    ensure that its personnel are aware of the relevance and importance of their activities and how they contribute to the achievement of the quality objectives, and

e)    maintain appropriate records of education, training, skills and experience (see 4.2.4).

Guidance

Employees need to be aware of the relevance and importance of their activities and how they contribute to the achievement of the quality objectives.  In order for an organization to have qualified/competent people within, it should consider the following steps:

-       Determine the competency and training needs.  The competency and training of the people in an organization needs to be reviewed regularly relative to the needed (required) competence and training.  This should not only be done for new employees, but also for existing employees.   There should be a mechanism for identifying needs on a regular basis.  One way this can be done is by means of performance evaluations.

-       Provide training to address identified needs.  Once the need for training is established, the training should actually be provided.

-       Evaluate the effectiveness of training. Training is never a goal in itself.   On a regular basis, companies should ask: was the training effective in accomplishing its goals?

Records must be kept covering all education, training, skills and experience for each employee.  These records can be kept in any form: training logs, diploma’s, certificates, training matrices, invoices, resumes, etc.

Training can be done in any form: internally or externally, formal or informal, classroom or on-the-job.  Companies must determine their own training needs and provide the training.

6.3 Infrastructure

The organization shall determine, provide and maintain the infrastructure needed to achieve conformity to product requirements. Infrastructure includes, for example

a) buildings, workspace and associated utilities,

b) process equipment, both hardware and software, and

c) supporting services such as transport or communication.

Guidance

Failure of equipment (such as welding equipment in a machine shop), lack of facilities (such as shortage of shelf space at a distributor), or lack of repair/maintenance capability can have serious effects on quality of product and/or service. It is therefore essential that infrastructure is identified and controlled.

The focus should be on the infrastructure that is most important for the type of organization. For example, a manufacturer of chemical products should probably focus on equipment and maintenance, while a law firm will put more emphasis on workspace and associated facilities. Similarly, if an organization has equipment that can easily be replaced without affecting quality of product and/or service, maintenance activities can be relatively simple and limited. More complex equipment that is difficult to replace should have a more extensive maintenance program.

6.4 Work environment

The organization shall determine and manage the work environment needed to achieve conformity to product requirements.

Guidance

Resources are not complete if the work environment is not considered.  Working conditions can influence the quality of product and/or service, and should therefore be controlled.  It is up to individual organizations to define these conditions, to be aware of and be in compliance with regulatory requirements.

Participation of those who are actually affected by the work environment may be beneficial when defining the work environment.

This element needs more emphasis in industries where work environment can have a high impact on quality (for example foundries and certain chemical manufacturers).

7 Product realization

7.1 Planning of product realization

The organization shall plan and develop the processes needed for product realization. Planning of product realization shall be consistent with the requirements of the other processes of the quality management system (see 4.1).

In planning product realization, the organization shall determine the following, as appropriate:

a)    quality objectives and requirements for the product;

b)    the need to establish processes, documents, and provide resources specific to the product;

c)    required verification, validation, monitoring, inspection and test activities specific to the product and the criteria for product acceptance;

f)     records needed to provide evidence that the realization processes and resulting product fulfill requirements (see 4.2.4).

The output of this planning shall be in a form suitable for the organization’s method of operations.

NOTE 1   A document specifying the processes of the quality management system (including the product realization processes) and the resources to be applied to a specific product, project or contract, can be referred to as a quality plan.

NOTE 2  The organization may also apply the requirements given in 7.3 to the development of product realization processes.

Guidance

This requirement is about controlling operations. An organization needs to ensure that all activities take place under controlled conditions.  In other words: operations must be organized in such a way that the customers are provided with the products or services that they want.

Most organizations already have their operations well organized. The best indicator for this is the fact that most of their customers are satisfied with the product they get.  However, the key word here is consistency. Controlled conditions imply that an organization is consistently providing products that meet customer’s expectations.

Therefore, activities need to be documented.  However, it is important to realize that it is not necessary to document all activities.  It is only important to document an activity if the absence of such a procedure would adversely affect quality.  It is useless to create a procedure for a chef that explains how to cook, for a surgeon that explains how to operate, or for a truck driver that explains how to drive.  If there is a problem in this area, it is probably better to consider training.  Rather, documented procedures should focus on those activities that require coordination and communication, or that are dependent on critical data and

information. For example: a procedure may describe the sequence of certain operations, or may include acceptance criteria and tolerances.

While a lack of documented procedures may result in inconsistencies and misunderstandings, it is important to consider that too many procedures will not be effective either.  Over-documentation can easily result in unnecessary bureaucracy or inflexibility.  The number and type of procedures should be dependent on the size and complexity of the organization.   A small distributor with only a few employees will likely have very simple and straightforward documentation, while a large nuclear plant may need very sophisticated procedures in order to keep their operations under control.  Organizations need to identify the activities for which instructions are necessary and then document them.

A word about flexibility: it is not the existence of procedures that will make an organization inflexible.  Rather, it is the content of the procedures that will create either flexibility or inflexibility.

Procedures can take many forms: work instructions, operator instructions, specifications, flow charts, checklists, or even pictures or videos.  Each organization needs to determine which format(s) will meet its needs best. In any case, a procedure and its format should be practical and easy to understand by the people who use it.  Before creating any new procedures, it is always a good idea to consider the documentation that is already in place.  This documentation may go a long way in meeting the requirements of ISO 9001:2000.

7.2 Customer-related processes

7.2.1 Determination of requirements related to the product

The organization shall determine

a)    requirements specified by the customer, including the requirements for delivery and post-delivery activities,

b)    requirements not stated by the customer but necessary for specified use or known and intended use,

c)    statutory and regulatory requirements related to the product, and

d)    any additional requirements determined by the organization.

Guidance

In order to be able to provide a product that meets customers’ expectations, it is necessary to know exactly what the requirements for the product are.   For each product, an organization needs to consider:

-       the requirements that are specified by the customer.  For example, a car manufacturer will need to know exactly the type, model, colour, required delivery time, etc.  This includes

requirements after delivery of product is complete, such as servicing of products or warranty activities.

-       the requirements not specified by the customer.  For example, a car manufacturer will need to use special coatings and coating techniques in order to prevent rust.

-       statutory and regulatory requirements.  A car manuafacturer must comply with numerous requirements that are imposed by regulatory bodies, for example safety requirements.

-       other requirements determined by the organization.  For example, a car manufacturer that wishes to focus on customers with high incomes will define specific requirements for the design of cars: size, model, power and speed.

7.2.2 Review of requirements related to the product

The organization shall review the requirements related to the product. This review shall be conducted prior to the organization’s commitment to supply a product to the customer (e.g. submission of tenders, acceptance of contracts or orders, acceptance of changes to contracts or orders) and shall ensure that

a)    product requirements are defined,

b)    contract or order requirements differing from those previously expressed are resolved, and

c)    the organization has the ability to meet defined requirements.

Records of the results of the review and actions arising from the review shall be maintained (see 4.2.4).

Where the customer provides no documented statement or requirement, the customer requirements shall be confirmed by the organization before acceptance.

Where product requirements are changed, the organization shall ensure that relevant documents are amended and that relevant personnel are made aware of the changed requirements.

NOTE  In some situations, such as internet sales, a formal review is impractical for each order. Instead the review can cover relevant product information such as catalogues or advertising material.

Guidance

The intent of this requirement is that organizations ensure that they understand and can meet customer requirements before promising the customer that product or service can be provided.  In order to avoid misunderstandings about what exactly the customer ordered, it is necessary to review the customer’s request or order.

A request for quotation that is received from a customer needs to be reviewed before a quote is submitted.  An organization must determine if:

-       the information from the customer is clear and specific;

-       it has the capability to provide the requested product.

Once a quotation is provided to the customer and the customer places an order (accepting the quotation), the order and the quotation must be compared to determine if there are any differences between them. Any differences need to be resolved with the customer.

If the customer places an order without having been previously quoted, this order needs to be reviewed before it is accepted.   An organization must determine if:

-       the order is clear and specific;

-       it has the capability to provide the requested product.

ISO 9001:2000 requires that organizations maintain records of these reviews. The record of the review can be as simple as a notation on the request for quotation or the order with the initials of the reviewer and the date. If the request for quotation or order is not accepted (for whatever reason) or needs clarification, follow-up actions must also be recorded. For verbal orders (for example by telephone) it is important to confirm the order before acceptance. This can be done, for example, by reading it back to the customer, asking for confirmation. In general, verbal and electronic orders need some special considerations to record the order. For example, the details of a telephone order may be recorded on a pad, and an electronic order may be recorded by printing it or saving it in the computer.

It is possible that an existing order needs to be changed. If this is the case, it should be clear how this change is to be handled.  Most organizations handle these changes in the same way as a new order.  It is also important that these changes are communicated to all individuals who are affected by them.  Typically, the purchasing department, the scheduling department, and the production department are affected, and should therefore be informed.

7.2.3 Customer communication

The organization shall determine and implement effective arrangements for communicating with customers in relation to

a)    product information,

b)    enquiries, contracts or order handling, including amendments, and

c)    customer feedback, including customer complaints.

Guidance

The satisfaction of customers does not only depend on the quality of final product, but also on the communication between the organization and the customers.  Poor communication, even if acceptable product is provided, can result in dissatisfied customers.  Therefore, it should be clear who has the responsibility and authority to communicate with the customers. It is important that the following questions are answered:

-       Who provides product information to the customer, and how is it provided?  How does the organization ensure that this product information is correct and timely?

-       Who is responsible for handling requests for quotations and customers’ orders? (see 7.2.2)

-       By whom and how is customer feedback received and handled?  This includes both planned feedback (for example, as a result of customer surveys), and unplanned feedback (for example, customer complaints).

By considering these issues, an organization can ensure that both internal operations and communication with the customer are controlled.

7.3 Design and development

7.3.1 Design and development planning

The organization shall plan and control the design and development of product.

During the design and development planning, the organization shall determine

a)    the design and development stages,

b)    the review, verification and validation that are appropriate to each design and development stage, and

c)    the responsibilities and authorities for design and development.

The organization shall manage the interfaces between different groups involved in design and development to ensure effective communication and clear assignment of responsibility.

Planning output shall be updated, as appropriate, as the design and development progresses.

Guidance

It is as important for design and development activities to be controlled as it is for operations to be controlled.  Design and development activities can be complex and it is not always easy to keep the timelines under control.  While it is in no way the intent of this requirement to restrict the creativity of the designer, it is very important to ensure that the design and development process is controlled.  Like any other operation, the type and extent of the design control should be dependent on the complexity of the design, and the number of people involved.  In some cases, design and development plans can be as simple as a short flow-chart or checklist.  In more complex designs, more sophisticated planning techniques are necessary.

The first step is to create a clear design and development plan.  This plan should identify responsibilities/authorities and specific timelines.  It should describe which groups or individuals are involved (for example: customers, subcontractors, regulatory bodies, etc.) and how.  It should also clearly identify the stages of the design process, including any checks and/or verifications for each stage.

It is not uncommon for conditions to change during the design and development process.  A design and development plan only has value if it is being updated when these changes occur.

7.3.2 Design and development inputs

Inputs relating to product requirements shall be determined and records maintained (see 4.2.4). These shall include

a)    functional and performance requirements,

b)    applicable statutory and regulatory requirements,

c)    where applicable, information derived from previous similar designs, and

d)    other requirements essential for design and development.

These inputs shall be reviewed for adequacy. Requirements shall be complete, unambiguous and not in conflict with each other.

Guidance

In every design and development process, simple or complex, it is crucial to know what is required. The design and development input is defined by all requirements that the design must meet in order to be successful. In other words, it should be clear how the final product is going to look, and which conditions must be fulfilled. For example:

-       A chef will need to consider the characteristics of the meal that he/she is going to design: type of meal, taste, type of ingredients, size, etc.

-       Before designing a prosthesis for a patient, a dentist will need to gather information about the patient and assess his/her preferences.

-       A designer of customized oil field equipment will need to have detailed information about application, dimensions, materials, tolerances, etc.

7.3.3 Design and development outputs

The outputs of design and development shall be provided in a form that enables verification against the design and development input and shall be approved prior to release.

Design and development outputs shall

a)    meet the input requirements for design and development,

b)    provide appropriate information for purchasing, production and for service provision,

c)    contain or reference product acceptance criteria, and

d)    specify the characteristics of the product that are essential to its safe and proper use.

Guidance

The design and development output is the result of the design and development process.  The output is a clear description of the product, containing detailed information for production.  For example, based on the customer’s requirements (design input), the chef will be able to clearly and specifically describe the process of preparing the meal, including the type and quantity of ingredients.  In this example, the design output is documented on a recipe.

Other examples of design and development outputs are:

-       an engineering design that is generally in the form of drawings and calculations;

-       a fashion design that is in the form of sketches with specification relating to the fabric to be used;

-       a graphics art design that is in the form of a particular layout to be used in a publication.

The format of the design and development output is obviously dependent on the type of organization.  The design and development plan should describe what form output should be in.   Whatever the format, it is essential that the output meet the input requirements, that it contains clear criteria for acceptance or rejection, and that it clearly defines the characteristics of the product.

7.3.4 Design and development review

At suitable stages, systematic reviews of design and development shall be conducted,

a)    to evaluate the ability of the results of design and development to fulfill requirements, and

b)    to identify problems and propose necessary actions.

Participants in such reviews shall include representatives of functions concerned with the design and development stage(s) being reviewed. Records of the results of the reviews and any necessary actions shall be maintained (see 4.2.4).

Guidance

Design and development review is a check to determine if the design and development activities are on track.  More specifically, organizations need to verify if design is adequate in meeting the customer’s and other requirements (design and development input).  For simple designs it may be sufficient to have only one design review at the very end of the design process.  However, performing only one design review may be very risky for more complex designs.  If there are any problems identified as a result of the design review, it may be very costly and in some cases too late to go back and redo some of the design activities in order to correct the problems.

The results of the design reviews, including any problems that are identified and their solutions, must be recorded.  This may be as simple as noting on the plan that the review has been carried out, as well as any follow-up actions, signed off by the reviewer and dated. However, more complex designs may be reviewed in a formal meeting, and the minutes of this meeting would constitute the design review record.

Thorough design reviews can prevent problems in a later stage. Therefore, all relevant parties should be involved. This may include internal departments, as well as customers and subcontractors.

7.3.5 Design and development verification

Verification shall be performed to ensure that the design and development outputs have satisfied the design and development input requirements. Records of the results of the verification and any necessary actions shall be maintained (see 4.2.4).

Guidance

Design and development verification is the formal check that is done at the end of the design and development process to see if the results meet the original requirements.  For example: does the drawing meet the customer’s, regulatory, and other requirements?  Does the recipe meet the customer’s expectations?

If the design and development output is approved, the organization will go ahead with manufacturing the product or providing the service based on the design. Therefore, it should be clear (for example in the design plan) who is authorized to perform the design and development verification, how the verification is done, and where it is recorded.

7.3.6 Design and development validation

Design and development validation shall be performed in accordance with planned arrangements (see 7.3.1) to ensure that the resulting product is capable of fulfilling the requirements for the specified or known intended use or application.  Wherever practicable, validation shall be completed prior to the delivery or implementation of the product. Records of the results of validation and any necessary actions shall be maintained (see 4.2.4).

Guidance

After the design and development verification is completed, the actual product (or service) is produced/created. Design validation is checking that the actual physical product meets the original input requirements. This is the final stage of the design and development process and is a valuable opportunity to prevent serious financial loss.  Design and development validation should be performed before delivery of the product to the customer so that any problems can be corrected.

Sometimes it is impractical to perform design and development validation before delivery of the product to the customer. For example: certain types of oilfield equipment or medical prostheses. With these sorts of products, the organization should perform checks of the parts of the final product.

In other cases, performing design and development validation before introducing the new product is required by law, for example, in the case of introducing a new medicine.

If the design and development output is, in itself, the actual product (see 7.3.3), then design and development verification and validation are one and the same activity. This may be the case, for example, for an Engineering Firm.

ISO 9001:2000 requires that the results of design and development validation activities be recorded, including follow-up actions where applicable.

 7.3.7 Control of design and development changes

Design and development changes shall be identified and records maintained. The changes shall be reviewed, verified and validated, as appropriate, and approved before implementation. The review of design and development changes shall include evaluation of the effect of the changes on constituent parts and delivered product.

Records of the results of the review of changes and any necessary actions shall be maintained (see 4.2.4).

Guidance

Stable designs are very rare.  Most designs are subject to frequent changes sometimes before the design process is finished.  It is as important to control these changes as it is to control the original design and development process.  It should be clear how these changes are handled and what effects they have on the product.  Most organizations choose to handle any changes to designs similar to the way new designs are handled.

7.4 Purchasing

7.4.1 Purchasing process

The organization shall ensure that purchased product conforms to specified purchase requirements.  The type and extent of control applied to the supplier and the purchased product shall be dependent upon the effect of the purchased product on subsequent product realization or the final product.

The organization shall evaluate and select suppliers based on their ability to supply product in accordance with the organization's requirements. Criteria for selection, evaluation and re-evaluation shall be established. Records of the results of evaluations and any necessary actions arising from the evaluation shall be maintained (see 4.2.4).

Guidance

An organization can do an excellent job of controlling its own activities, but if suppliers are not performing satisfactorily, the organization and its customers may be negatively affected.  It is crucial that suppliers are controlled, especially if they are particularly important for the operation of an organization.

This requirement of ISO 9001:2000 is related to ensuring that organizations get good products from their suppliers. Obviously not all suppliers are equally important. The standard requires more energy to be spent on those suppliers that have the most impact on the quality

of product. For example, steel pipe manufacturers will need to put emphasis on the control of the supplier of steel rather than on the supplier of spare parts (such as bearings) for their machinery. On the other hand, a distributor of bearings will need to ensure that the supplier of bearings provides good product and on time.

-       Organizations need to identify which materials and services that they buy can affect the quality of their products. Then they need to establish criteria for the selection of suppliers that can provide these materials and services

7.4.2 Purchasing information

Purchasing information shall shall describe the product to be purchased, including where appropriate

a)    requirements for approval of product, procedures, processes and equipment,

b)    requirement for qualification of personnel, and

c)    quality management system requirements.

The organization shall ensure the adequacy of specified purchase requirements prior to their communication to the supplier.

Guidance

While it is important that organizations are clear in ordering what they want, it is equally important not to give unnecessary details in purchase orders. Purchase orders that are too detailed can lead to confusion, and should therefore be avoided. Rather than describing all the details of a product, it is often much better to limit the purchase order to simply mentioning the catalogue number (as long as this is a unique number and the supplier has the correct catalogue).

It is acceptable to give verbal instructions to a supplier, although this makes for ordering complex products or services very difficult (for example, the services of an engineering firm). In all cases, it is the intent of this requirement to avoid misunderstandings between supplier and receiver. If an organization chooses to place a verbal order with a supplier, it will need to keep a record of what was ordered. This enables the organization to verify that it is actually getting what was asked for.

Lastly, ISO 9001:2000 requires that the purchasing documentation contains the correct information before issuing it to a supplier. This verification can possibly be done by the purchasing manager or by the purchasing agent.

7.4.3 Verification of purchased product

The organization shall establish and implement the inspection or other activities necessary for ensuring that purchased product meets specified purchase requirements.

Where the organization or its customer intends to perform verification at the supplier's premises, the organization shall state the intended verification arrangements and method of product release in the purchasing information.

Guidance

An organization needs to ensure that the product or service from the supplier meets its requirements. In most cases, this means that organizations verify the adequacy of the product or service upon receipt. Sometimes, however, an organization chooses to visit the supplier and perform this verification on their premises.

It is important to realize that ISO 9001:2000 does not require that all received product is verified in all cases.  For example, it does not make sense to do a 100% inspection on all shipments of bolts, especially if these bolts hardly affect the quality of products and if the supplier has proven to have had a good history.  The type and extent of the verification of purchased product (or service) should depend on:

-       the type of product or service that is being ordered;

-       the history of the supplier;

-       the characteristics of the supplier (for example: does it have a quality system in place?)

If an organization or its customers want to verify purchased product on the premises of the supplier, then the organization needs to clearly indicate in the purchasing documentation:

-       what is going to be verified;

-       how it is going to be verified.

7.5 Production and service provision

7.5.1 Control of production and service provision

The organization shall plan and carry out production and service provision under controlled conditions. Controlled conditions shall include, as applicable

a)    the availability of information that describes the characteristics of the product,

b)    the availability of work instructions,

c)    the use of suitable equipment,

d)    the availability and use of monitoring and measuring devices,

e)    the implementation of monitoring and measurement, and

f)     the implementation of release, delivery and post-delivery activities.

Guidance

Section 7.1 states that operations need to be controlled in order to be able to provide acceptable product to customers.  Section 7.5.1 requires some specific control mechanisms for organizations, specifically:

-       The availability of information that specifies the characteristics of the product.

For example, in a foundry the exact specifications to which the metal needs to be manufactured will be needed; in a travel agency specific flight information, airport information and conditions for cancellation or change will be needed.

-       The availability of work instructions.  These instructions only need to be documented where the absence of such instructions could adversely affect the quality of the product (see 7.1).

-       The use of suitable equipment for production and service operations.  Ovens are crucial pieces of equipment for foundries to have; computer systems with on-line connection to airlines are probably equally important in travel agencies.

-       The availability and use of monitoring and measuring devices and the implementation of monitoring activities- see 7.6.

-       The implementation of release, delivery, and post-delivery activities.  It should be clear how product is released and delivered to the customer.  For example, delivery can be done by the organization itself or by a subcontractor.   Or, the customer can pick up the product.  In some cases there is a (written or verbal) requirement for the organization to perform additional activities after the delivery of the product to the customer.  Examples of these activities are warranties, software support, and after-installation services.  If there is a requirement to perform these servicing activities, then it should be clear how these activities are performed, and there should be procedures in place for critical activities (as per 7.1).

7.5.2 Validation of processes for production and service provision

The organization shall validate any processes for production and service provision where the resulting output cannot be verified by subsequent monitoring and measurement. This includes any processes where deficiencies become apparent only after the product is in use or the service has been delivered.

Validation shall demonstrate the ability of the processes to achieve planned results.

The organization shall establish arrangements for these processes including, as applicable

a)    defined criteria for review and approval of the processes,

b)    approval of equipment and qualification of personnel,

c)    use of specific methods and procedures,

d)    requirements for records (see 4.2.4), and

e)    re-validation.

Guidance

Verification/inspection of products before they are provided to the customer is a valuable opportunity to prevent delivery of product that does not meet customer’s requirements. However, sometimes it is not possible to fully verify the quality of the product without using or destroying it.  For example, it is not possible to fully verify the strength of a weld unless a destructive test is performed or the product is actually used.  Similarly, for many service industries, the service provided is instantaneous, which does not readily allow verification before delivery of that service.  For example, a lawyer who defends a client in court is obviously not able to verify his services before delivery.  Failure to represent the client correctly will only be detected when the judge rules.

In these cases the activities can only be controlled (validated) with the use of qualified personnel, qualified equipment, and qualified processes based on specific procedures.  A process can be qualified, for example, by doing a destructive test on a sample of the products.  The results of this destructive test can then represent other products with the same characteristics.

ISO 9001:2000 requires that records be maintained for activities that require validation.

It should be noted that validation is only necessary if there is a risk of providing product that does not meet customer’s requirements. For example, esthetic welding may not have to be validated if it does not affect the quality of the product.

7.5.3 Identification and traceability

Where appropriate, the organization shall identify the product by suitable means throughout product realization.

The organization shall identify the product status with respect to monitoring and measurement requirements.

Where traceability is a requirement, the organization shall control and record the unique identification of the product (see 4.2.4).

NOTE  In some industry sectors, configuration management is a means by which identification and traceability are maintained.

Guidance

Activities can only be controlled if it is clear what the status of the product is.  Clear identification of the product can avoid misunderstandings about what has happened to it and what still needs to happen.

For example, product in the receiving area of a manufacturing plant should be clearly marked as to whether a receiving inspection has taken place.  If a receiving inspection has taken place, it should be clear what the result of this inspection was (pass or fail).  Similarly, material that is used in a machine shop should be identifiable as to which specific job it belongs, and in which stage of production it is.  In the service industry, this requirement may have similar importance.  For example, a courier service cannot function without clear identification on the packages as to which services are required (delivery time, registration, etc.), and a warehouse/distributor will need to have some way of identifying the product in stock.

There are several ways of identifying products.  The most obvious is using tags or stickers with part numbers, bar codes, job numbers, etc.  The identification may be engraved in the product itself, or the product may simply be marked by a colour.  Sometimes it is more practical to identify a product by its location.  For example, deficient product may be identified as nonconforming by segregating it and placing it in a specific area that is marked “nonconforming product”.

In all cases ISO 9001:2000 requires that it is clear if the product has been verified/inspected and that the results of the inspection are also clear.

Sometimes traceability is a requirement (and even regulated).  For example, in pressure vessel manufacturing, it is common for the identification of a given material to be recorded and traced through all manufacturing stages.  In this way, the final components can be traced back to the original material certificate.  If traceability is required, ISO 9001:2000 states that the material be uniquely identified and that records are maintained that show evidence of traceability.

7.5.4 Customer property

The organization shall exercise care with customer property while it is under the organization's control or being used by the organization. The organization shall identity, verify, protect and safeguard customer property provided for use or incorporation into the product. If any customer property is lost, damaged or otherwise found to be unsuitable for use, this shall be reported to the customer and records maintained (see 4.2.4).

NOTE: Customer property can include intellectual property).

Guidance

If there are any products, materials, or tools on an organization’s premises that are owned by a customer, workers must exercise care with this property.  This means that they must ensure that the product is not lost or damaged.  If it is lost or damaged, this needs to be recorded and the customer needs to be notified.

Customer property should be identified and verified (for example, by performing a receiving inspection).  Examples of customer property are: motor vehicles left for service or repair, clothing that a customer left at a laundry or customer-owned material in a warehouse.

7.5.5 Preservation of product

The organization shall preserve the conformity of product during internal processing and delivery to the intended destination. This preservation shall include identification, handling, packaging, storage and protection. Preservation shall also apply to the constituent parts of a product.

Guidance

Obviously it is as important that an organization handle its own product/material with care, as it is to protect customer’s property. Some common examples of where special handling techniques are required are:

-       Metals handling where stainless steel can have corrosion resistance impaired if the stainless steel is handled with ordinary steel grips or chains.  Covering the grips, chains, and other handling tools with rubber, plastic, or similar materials is the usual practice. Most copper-based metals are susceptible to corrosion from finger marks.  Where corrosion may affect performance, such as in printed circuit boards or decorative applications, gloves need to be worn to prevent such marking.

-       Food handling where cleaning of utensils after use is very necessary, for health reasons.

-       Electrical and electronic equipment where safe handling practices are required to avoid damage from electrostatic discharges.

Similarly, packing or packaging needs to be done in such a way that it does not affect the product.  Packaging should be appropriate to the product.  For example, bulk grain may be packed by filling the carrying container, provided the container does not contaminate the product.  On the other hand, the packaging of certain chemicals is regulated to ensure that they do not spill or contact with water.

Also, unsuitable storage can deteriorate the condition of product.  Product in stock must be protected, especially if the product has a limited shelf life.  Checking the condition of product in stock regularly can do this.

7.6 Control of monitoring and measuring devices

The organization shall determine the monitoring and measurement to be undertaken and the monitoring and measuring devices needed to provide evidence of conformity of product to determined requirements (see 7.2.1).

The organization shall establish processes to ensure that monitoring and measurement can be carried out and are carried out in a manner that is consistent with the monitoring and measurement requirements.

Where necessary to ensure valid results, measuring equipment shall:

a)    be calibrated or verified at specified intervals, or prior to use, against measurement standards traceable to international or national measurement standards; where no such standards exist, the basis used for calibration or verification shall be recorded;

b)    be adjusted or re-adjusted as necessary;

c)    be identified to enable the calibration status to be determined;

d)    be safeguarded from adjustments that would invalidate the measurement result;

e)    be protected from damage and deterioration during handling, maintenance and storage.

In addition, the organization shall assess and record the validity of the previous measuring results when the equipment is found not to conform to requirements.  The organization shall take appropriate action on the equipment and any product affected.  Records of the results of calibration and verification shall be maintained (see 4.2.4).

When used in the monitoring and measurement of specified requirements, the ability of computer software to satisfy the intended application shall be confirmed. This shall be undertaken prior to initial use and reconfirmed as necessary.

NOTE  See ISO 10012-1 and ISO 10012-2 for guidance.

Guidance

Verifications, inspections and tests are important ways to ensure that the product meets the customer’s expectations. This can be done by monitoring and measuring the characteristics of the product (see 8.2.4). For example, a pharmacist measures the exact amount and weight of the medicine before providing it to the customer. However, if his measuring device (an electronic scale) is measuring incorrectly, or if it is not accurate enough, then the measurement is useless.

Therefore, this section of ISO 9001:2000 requires organizations to ensure that measurement devices are controlled so that they measure correctly.  Examples of measurement and monitoring devices are: scales, gages, thermometers, micrometers, calipers, and thickness meters.  They should be calibrated periodically.  Calibration is the act of comparing the measurement device against a reference standard to determine how accurate it is and whether or not it is still capable of meeting the precision required for the measurement made with it.  Where necessary, the measuring device needs to be adjusted.

Organizations are free in determining the frequency of calibration, provided that the frequency is consistent with the type of measurement device and the intensity of use.

For a reference standard to have validity, it must be traceable back to an appropriate recognized accurate source. This is normally a national or international standard (such as a meter or a kilogram).  If an (inter)national standard does not exist, then the organization needs to define the reference standard on its own.

It is important to determine how accurate the measurements need to be.  This will depend upon how much tolerance is permissible in what is being measured.  A measuring device usually has to be capable of measuring to a much closer tolerance than the tolerance specified for the item being measured.  Also, there is no point in having measurement devices calibrated to unnecessarily high precision if that precision is not needed for the operation.  A pharmacist typically needs high accuracy equipment, while the accuracy of a wire cutter used by a distributor is relatively low.

The results of the calibrations need to be recorded.  If the measuring device appears to be out of calibration, then it is necessary to look at the results of the measurements that were previously taken with this device.  For example, if a scale is out of calibration, someone may need to re-inspect the product that was recently inspected with this device (provided the product has not yet been shipped to the customer).   Organizations need to decide which corrective action is appropriate (see 8.5.2).

It is important to protect a measuring device from damage or deterioration.  This means that it must be suitably stored when not in use, and it must be correctly handled.  Also, adjustments may invalidate the calibration; a possible prevention method is to ensure that only trained personnel is authorized to use the measuring device.

Sometimes computer software is used in the process of monitoring and measurement of requirements.  If this is the case, then the software must be checked if it performs the required functions.

8 Measurement, analysis and improvement

8.1 General

The organization shall plan and implement the monitoring, measurement, analysis and improvement processes needed

a)    to demonstrate conformity of product,

b)    to ensure conformity of the quality management system, and

c)    to continually improve the effectiveness of the quality management system.

This shall include determination of applicable methods, including statistical techniques, and the extent of their use.

Guidance

The previous sections were related to organizing activities in such a way that customer’s expectations are consistently met.  An organization that has met those requirements has the controls in place, but does not necessarily know if the controls are working.  In order for an organization to improve, it needs to have information on where it stands today.  How satisfied are the customers?  Does the organization actually meet all requirements? Are activities (processes) effectively and efficiently organized?  Does the product actually meet the expectations?  And, what happens if the product does not meet the expectations?

The answers to these questions are related to the requirements in this section.  Improvement will result from analyzing this information and taking the necessary corrective and preventive action.

The information that organizations need does not necessarily have to be sophisticated. Usually a few crucial pieces of information or a short summary can give enough information to determine if action is necessary.  Organizations should define what is the crucial information that they need.  The following paragraphs will help in doing this.

8.2 Monitoring and measurement

8.2.1 Customer satisfaction

As one of the measurements of the performance of the quality management system, the organization shall monitor information relating to customer perception as to whether the organization has fulfilled customer requirements. The methods for obtaining and using this information shall be determined.

Guidance

Probably one of the most crucial categories of information is the satisfaction of customers.   Since customers determine the future of organizations, it needs to be determined how satisfied they are. In order to do this, organizations need to know which issues are important

for their customers and then define how they will measure whether the customers are satisfied with these issues.

One way of getting information about how satisfied customers are is to monitor the customer complaints.  However, it is important to realize that this will give a very limited picture.  First, it is quite common that only a small portion of dissatisfied customers actually complain. Second, customer complaints do not give any information about the satisfied customers.

Customer satisfaction can be objective and subjective.  Examples of objective information are:

-       Did the customer receive the product before 5:00 PM, as required?

-       Was the shipment complete?

Examples of subjective information include:

-       Is the customer satisfied with the way we answered his questions and concerns?

-       Is the customer satisfied with the performance of a product? (for example: a car)

There are several ways of measuring customer satisfaction.  Examples are:

-       Questionnaires and surveys. This is a relatively cost effective way of measuring customer satisfaction, but the downside is that the response may be low.

-       Direct communication with customers. This is much more time consuming, but it is an excellent way of getting to know the needs of customers, and the method itself can contribute to raising customer satisfaction.

-       Reports of consumer organizations. This information gives a good overview, but is not always available and seldom gives information about individual customers.

8.2.2 Internal audit

The organization shall conduct internal audits at planned intervals to determine whether the quality management system

a)    conforms to the planned arrangements (see 7.1), to the requirements of this International Standard and to the quality management system requirements established by the organization, and

b)    is effectively implemented and maintained.

An audit programme shall be planned, taking into consideration the status and importance of the processes and areas to be audited, as well as the results of previous audits. The audit criteria, scope, frequency and methods shall be defined. Selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process. Auditors shall not audit their own work.

The responsibilities and requirements for planning and conducting audits, and for reporting results and maintaining records (see 4.2.4) shall be defined in a documented procedure.

The management responsible for the area being audited shall ensure that actions are taken without undue delay to eliminate detected nonconformities and their causes. Follow-up activities shall include the verification of the actions taken and the reporting of verification results (see 8.5.2).

NOTE  See ISO 10011-1, ISO 10011-2 and ISO 10011-3 for guidance.

Guidance

A second source of information is a periodic self-assessment (internal audit).  This allows an organization to determine the strengths and weaknesses of the quality system in place.

It should become apparent whether or not the quality system meets the requirements of this standard and if the system has been effectively maintained.

Each organization should appoint an internal auditor who is qualified (see 6.2.1).  This individual should not be auditing his/her own work.  The auditor should be objective and impartial of the audit process.

The planning of audits needs preparation.  Critical areas in the organization or departments that have been reorganized should be audited more frequently and/or more in-depth than other areas.  Similarly, if there are indications of weaknesses in certain areas, for example customer complaints or previous audit findings, then these areas deserve more attention during internal audits.

An auditor should look for evidence of compliance to the requirements.  Are the activities done in the way they should be done?  This is not an exercise in finding mistakes.  Rather, it is gathering information about the system so that the organization knows its strengths and weaknesses and can therefore improve.  Evidence of compliance can be collected, for example, by interviewing people, observing activities and looking at records and procedures.

Organizations need to keep records of the results of internal audits.  This can be done on a checklist or on a report.  Either way, it should be clear which requirements have been audited and which areas were or were not in compliance with the requirements. These results then need to be reported to management so that timely corrective actions can be taken where necessary. The implementation of these corrective actions should then be verified to ensure that the deficiencies have been resolved.

ISO 9001:2000 requires that the responsibilities and requirements for conducting internal audits be documented in a procedure.

8.2.3 Monitoring and measurement of processes

The organization shall apply suitable methods for monitoring and, where applicable, measurement of the quality management system processes. These methods shall demonstrate the ability of the processes to achieve planned results. When planned results are not achieved, correction and corrective action shall be taken, as appropriate, to ensure conformity of the product.

Guidance

The third source of information is related to measurement of processes (activities).  Organizations need to determine how they are going to measure whether activities are being adequately carried out.  Examples of measurements of activities are:

-       Timeliness. A certain operation may typically take 15 minutes.  How often is this operation being performed in 16 minutes or more?

-       Efficiency.  How much of a certain type of material is processed in one hour?  How many people were involved in producing one batch?

-       Reaction time.  What was the reaction time of people to special internal or external requests/concerns (such as customer complaints)?

-       Cost reduction.  What was the reduction of costs related to not meeting the requirements?  An example of these costs is premium freight: extra costs of high-speed delivery because of excessive production times.

8.2.4 Monitoring and measurement of product

The organization shall monitor and measure the characteristics of the product to verify that product requirements are fulfilled. This shall be carried out at appropriate stages of the product realization process in accordance with planned arrangements (see 7.1).

Evidence of conformity with the acceptance criteria shall be maintained. Records shall indicate the person(s) authorizing the release of product (see 4.2.4).

Product release and service delivery shall not proceed until all the planned arrangements (see 7.1) have been satisfactorily completed, unless otherwise approved by a relevant authority, and where applicable by the customer.

Guidance

A fourth source of information is based on measurements of the characteristics of the product (inspections and tests).  This may be a verification of quantity, dimensions, weight, thickness, hardness, etc.  Basically, it covers any activity that determines whether something is acceptable.

Each individual organization needs to decide where these inspections and tests should be carried out.  The general rule is that they should be performed at critical stages of processes. Typically, this is the case when a product is passed on to the next production stage or when there is a substantial risk of errors or deficiencies.  A car manufacturer will want to perform several in-process inspections and inspections of parts because without these inspections a deficiency may not be detected later, or it may be very costly to correct it.

Similarly, the types of inspections or tests performed should be dependent on the critical nature of the product or the process.  In some cases, such as a distributor receiving bearings, an inspection may be as simple as checking the type and number of bearings received.

Inspections of final products are always critical because there will not be opportunity to correct any deficiencies after this point (unless it is not possible to perform a full final inspection – see 7.5.5).

In performing inspection and testing, 100% of the product does not have to be tested.  There are many products made where a sampling procedure is used and the batch passed or rejected on the basis of the sample.  The subsequent detection of nonconforming product (see 8.3) does not mean that the sampling procedure is incorrect.  However, a continuing and perhaps higher than expected level of nonconformances may suggest that the sampling plan or procedure needs investigating.

Obviously, an inspection or test is only useful if the acceptance criteria are known. The result of the inspection or test is either a pass or a fail, based on these acceptance criteria. Preferably, acceptance criteria should be measurable (such as in dimensions or quantities), but they can also be subjective, for example criteria for visual inspections or taste tests.

The results of inspections and tests need to be recorded.  Examples of inspection records are checklists, pick tickets, job cards, or work orders.  In any case, it is wise to use the records that are already in use by the organization as much as possible.  For example, in small machine shops with only a few employees, it is common practice for machine operators to inspect their own work before passing it on to the next machining station.  Consecutive operators sign a job card as it follows the work in progress.  This is a good practice because the work of the next operator down the line is affected if the ‘incoming’ work is not correct.  Also, the next operator can check the previous operator’s work.

The record should clearly state who performed the inspection and what the result of the inspection was (pass/fail).

If an inspection or test needs to be performed, then product should not proceed to the next activity or production stage until the inspection or test has been completed with positive results.  A product can only be released without inspection or test if there is an approval from the customer.

8.3 Control of nonconforming product

The organization shall ensure that product which does not conform to product requirements is identified and controlled to prevent its unintended use or delivery. The controls and related responsibilities and authorities for dealing with nonconforming product shall be defined in a documented procedure.

The organization shall deal with nonconforming product by one or more of the following ways:

a)    by taking action to eliminate the detected nonconformity;

b)    by authorizing its use, release or acceptance under concession by a relevant authority and, where applicable, by the customer;

c)    by taking action to preclude its original intended use or application.

Records of the nature of nonconformities and any subsequent actions taken, including concessions obtained, shall be maintained (see 4.2.4).

When nonconforming product is corrected it shall be subject to re-verification to demonstrate conformity to the requirements.

When nonconforming product is detected after delivery or use has started, the organization shall take action appropriate to the effects, or potential effects, of the nonconformity.

Guidance

It is important that inspections are carried out; it is equally important that people know what to do with the nonconforming (deficient) product if it fails the inspection.  Most importantly, organizations should ensure that nonconforming products are not treated as conforming product and delivered to the customer.

Control of nonconformity should be done by clearly identifying the product as nonconforming.  Segregation in designated areas and marking of the product are the most obvious examples.

Someone in each organization should have the authority to decide what to do with nonconforming product.  The product may be corrected by repairing, reworking, or re-grading for alternative applications.  If all other approaches fail, the product can be scrapped.

Unless it is scrapped, the nonconforming product (after repair, rework, etc.) should be re-inspected.  Sometimes it is an option to use nonconforming product and release it to the customer.  This is only allowed with a concession (approval) from the customer and/or other parties.

In the event that a nonconformance is detected after delivery, appropriate actions need to be taken.  For example, if a catering company discovers that it has inadvertently used processed meat that was past its ‘use-by-date’ (shelf life), a number of actions might be required to fix the problem:

-       investigate to find out the extent of the problem;

-       segregate and quarantine the product;

-       recall the product from retail outlets and customers;

-       involve regulatory authorities.

For service industries, it may be difficult or impossible to physically identify or segregate nonconforming service.  These organizations, however, are still required to ensure that the nonconforming service does not reach the customer, where possible, and to correct the problem.

ISO 9001:2000 requires that a documented procedure describe how nonconforming products are controlled, as well as the related responsibilities and authorities.

8.4 Analysis of data

The organization shall determine, collect and analyze appropriate data to demonstrate the suitability and effectiveness of the quality management system and to evaluate where continual improvement of the quality management system can be made. This shall include data generated as a result of monitoring and measurement and from other relevant sources.

The analysis of data shall provide information relating to

a)    customer satisfaction (see 8.2.1),

b)    conformance to product requirements (see 7.2.1),

c)    characteristics and trends of processes and products including opportunities for preventive action, and

d)    suppliers.

Guidance

The sources of information listed above can provide organizations with valuable data, but this data is only valuable if it is analyzed.  For example, the data may indicate that there was an increase in the number of nonconforming products in a certain period.  However, it is only possible for an organization to take the necessary action (see 8.5) if it is provided with an analysis of this data.  For example: What was the type of nonconforming product?  What was the main cause of the nonconformances?  Were there any circumstances that were different from previous periods?  Is this problem confirmed by other sources of information, such as internal audits?

The results of the analysis should enable organizations to answer the following questions: How satisfied are customers?  Are customers’ requirements being met?  Do processes and products meet the requirements?  How do suppliers perform?

8.5 Improvement

8.5.1 Continual improvement

The organization shall continually improve the effectiveness of the quality management system through the use of the quality policy, quality objectives, audit results, analysis of data, corrective and preventive actions and management review.

Guidance

Each organization should continually seek to improve, rather than wait for a problem to reveal opportunities for improvement.  Potential improvements can range from short projects to long-term activities. Examples are:

-       Sitting down with the most important suppliers in order to increase the effectiveness of the communication and to reduce nonconformances;

-       Making an action plan to reduce the reject from a certain type of machine;

-       Finding opportunities to reduce the delivery time.

Continual improvement should be based on all relevant information available.  Audit results and other data should be analyzed (see 8.4) and compared with the policy and objectives (see 5.4 and 5.5) so that corrective and preventive actions can be taken to ensure continual improvement (see 8.5.2 and 8.5.3).  Management reviews should be used as tools for enhancing this improvement process (see 5.7).

8.5.2 Corrective action

The organization shall take action to eliminate the cause of nonconformities in order to prevent recurrence. Corrective action shall be appropriate to the effects of the nonconformities encountered.

A documented procedure shall be established to define requirements for

a)    reviewing nonconformities (including customer complaints),

b)    determining the causes of nonconformities,

c)    evaluating the need for action to ensure that nonconformities do not recur,

d)    determining and implementing action needed,

e)    records of the results of action taken (see 4.2.4), and

f)     reviewing corrective action taken.

Guidance

Improvement does not happen without implementing changes. This requirement is related to ensuring that actions are identified, taken and verified for implementation/effectiveness. If a problem occurs, action needs to be taken to ensure that the problem is corrected and that it does not re-occur. This involves finding the cause of the problem, recording the results of the action taken and verifying that the action was effective. The intent of this requirement is to have a disciplined approach for making sure that actions happen and are effective.

8.5.3 Preventive action

The organization shall determine action to eliminate the causes of potential nonconformities in order to prevent their occurrence. Preventive actions shall be appropriate to the effects of the potential problems.

A documented procedure shall be established to define requirements for

a)    determining potential nonconformities and their causes,

b)    evaluating the need for action to prevent occurrence of nonconformities,

c)    determining and implementing action needed,

d)    records of results of action taken (see 4.2.2), and

e)    reviewing of preventive action taken.

Guidance

It is better to prevent a problem than to correct a problem.  Based on the information available to them, organizations must identify ways of preventing problems from occurring in the first place.  Examples of preventive actions are:

-       purchasing additional tools or machinery, because of an expected increase in activities or production;

-       checking computer systems to see if they are capable of handling information from a new customer;

-       introducing a new identification system for nonconforming product, so that any potential misunderstandings can be avoided.

Preventive actions should be handled in the same way as corrective actions. There should be a disciplined approach for ensuring that they are implemented and effective (see 8.5.2).

-      END  -

Company Profile

Company Name:                System Industrie Electronic USA, INC

Head Office

Contact Person:                   Michael Iorio

Title :                                       President

Address:                                3149 Skyway Circle Melbourne FL 32934

Telephone:                            321-751-1366

Fax:                                        321-751-1367

E-mail:                                    info@sie-usa.com

Web Site Address:               www.sie-usa.com

Date Incorporated:               May 1, 1999